Adobe is urging users of its document and graphics server equipment to harden their systems after the discovery of a critical flaw.
Danish vulnerability testing firm Secunia first reported the flaw, which it describes as 'moderately critical', in July 2005 but it has taken until now for Adobe to fix the problem. Adobe has issued an advisory on its website.
The problem is caused when the 'saveContent' and 'saveOptimized' Adobe Document Server commands are used. This may save files anywhere on the system, including those areas with full access privileges.
"The request can be constructed to save this graphics file with an HTA extension causing the file to be executed the next time any user logs in.
"A request containing 'loadContent' can also be sent to retrieve arbitrary graphics or PDF files from the server, potentially exposing sensitive information."
Adobe recommends adapting local access controls to mitigate against the problem, and officially thanked Secunia for bringing the issue to its attention.
Should you link your data sets to add value, or leave them separate to reduce risk?
Can process camera images in real-time at up to 171 frames per second
Graphene and Kevlar used to make 'the world's toughest' shoes
Ecostress instrument will provide new insights into water usage and plant health on Earth